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PRE-APPEAL BRIEF REQUEST FOR REVIEW 



Sir: 



Applicant request review or the final rejection in the above-identified application. No 
amendments are being filed with this request. 

This request is being filed with a notice of appeal. 

The review is requested for the reasons stated helow. 

The undersigned is an attorney of record. 

Applicant request pre-appcal review of the Examiner's rejection of claims 1-18 under 35 
U.S.C. § 1 02(e) over U.S. Patent No. Ml 8,472 to Mi et a). ("Mi"). 
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REMARKS 

I. Clear 1 cgal fcrr&r under § 102: Mi fails to teach each and every limitation of claims 1-18 

A, Mi fails to teach applying an access rate limit 

Claims 1-1 8 stand finally rejected under 35 U.S.C. § 102(e) as being anticipated by U.S. 
Patent No. 6,41 8,472 to Mi et al. ("Mi")> Each and every limitation of the claim must be found 
in the prior art to be anticipated. See M.P.E.P. §2131. Moreover, the identical invention must 
be shown in as complete detail as is contained in the claim. Id. Applicant respectfully submits 
that the Examiner has committed clear legal error by failing to indicate whether Mi discloses 
applying ;in access rate limit as called for by independent claims 1 , 14, and 1 8. 

In rejecting claims 1, 14, and 18, the Examiner suggests that Mi discloses applying the 
"rate Iimi of the present invention and further argues that the Applicant "does not argue how 
the limitation [rate limit] ... is patentably distinct from Mi." See Office Action mailed June 27, 
2006, p. 2 (emphasis in original). As explained in the Amendment and Reply of April 21, 2006 
("Reply"), however, the "time period" taught by Mi is not an "access rate limit" and that "the Mi 
patent is silent as to any rate limit or rate limiting." Nonetheless, the Examiner has continually 
failed to indicate whether the "rate limit" of claims 1, 14, and 1 8 are met by Mi. 

Ac cordingly, claims 1, 14, and 18 have been improperly rejected under 35 U.S.C. § 
102(e) and claims 1-18 are submitted to be allowable. 

B. Mi fails to teach the control levels of claim 14 

The Examiner has committed clear legal error by failing to indicate whether Mi discloses 
the control levels and invocation of such control levels as called for by claim 14. Claim 14 calls 
for a first, second, third, and fourth control level and invoking the control levels sequentially 
depending on the number of failed attempts within a set time period to verify the user. 

In rejecting claim 14 over Mi, the Examiner improperly focuses on the end result- 
preventing hackers from gaining access-rather than the limitations explicitly called for by the 
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claims. In particuliir, the Examiner points lo the verification steps for a single access request as 
taught by Mi without indicating how these steps pertain to the multiple control levels called for 
by claim 14. For example, the Examiner points to step 620 of FIG. 6, which discloses the server 
repeating the call-back process, as teaching the third control level of claim 14. However, claim 
14 calls for a third level "requiring use of predetermined download software for transmitting said 
access requests and verifying said user." 

Because the Examiner has failed to indicate or explain whether Mi teaches each and 
every limi tation of claim 14, the rejection of claim 14 under 35 U.S.C. § 102(e) is improper. 

II. Clear Factual Error 

A. The session "time limit 77 taught by Mi is not equal to an access "rate limit 7 ' 

Claims 1 , 14, and 1 8 stand finally rejected under 35 U.S.C. § 102(c) as being anticipated 
by Mi. Tn rejecting the claims, the Examiner states that both Mi and the present invention teach 
the use of a rate limit based on a ^ime variable" to restrict access. Applicant respectfully 
submits that Examiner's conclusion is a clear factual error. 

M discloses a system for preventing hacker access by using a verification agent. In 
response to a client request for an object, the server opens a session and generates and transmits a 
session identifier plus the verification agent to the client. The client then executes the 
verification agent and calculates a hash value based on the client's processor number. If the 
process number is in an allowed list, the server grants the client access. See col. 4, lines 21-34. 
If the rctu n value is not received within a "set time period," the session will "time out." See 
FIG. 3, st(!p 350. In the verification system of Mi, a party may make an unlimited number of 
requests or access attempts. See FIG. 5, items 545, 555, and 550. Only the session time is 
limited. 

In contrast, :he present invention is directed to application of a "rate limit" whilst moving 
sequentially through control levels. Kor example, in the first control level the access rate limit of 
the present invention is "continuously imposed" until a user is verified or the system moves to a 
second co rtrol level. See Specification, p. 6, line 1. 
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Whereas the time limit disclosed by Mi involves application of a maximum period of 
time in which the server will wait for a single response, the rate limit of the present invention 
involves application of a rate of access requests in a specified time period. The "time limit" 
taught by Mi prevents a hacker from having time to intercept the verification agent during a 
single session. See col. 4, line 59-65. It does not deny access if too many requests are given 
under a se t period of time. In contrast, the present invention assumes a hacker can eventually 
gain access and prevents hackers from making unlimited attempts during a period of time. 

Additionally, the variables called for by Mi and the present invention are fundamentally 
different. The rate limit of the present invention is a higher order variable in that it calls for a 
rate of change over time rather than simply a time period. See Specification, p. 4, lines 1 1-14. 
As understood by one in the art, a time variable is a derivative of rate. The number of requests 
per unit ti nc is limited to that which a human user could make thus verifying that the client is 
user-conti oiled and not under control of a hacker- For example, in the second access control the 
number o:: verifications or requests maybe limited to n requests per 24-hour period. See 
Specification, p. 7, lines 1-2. In another example, in the first control level a telephone line may 
be limited to a rate of "2 to 6 [server calls] per minute." See Specification, pg. 6, lines 25-27. 

Applicant respectfully submits that the Examiner has committed a clear factual error by 
equating i. "time limit" to a ' 4 rate limit" As previously argued and noted above, Applicant 
submits that Mi fails to disclose rate limiting as called for by claims 1, 14, and 18. Similarly, 
claims 2-1 3 and 15-17 are submitted to be allowable for the same reasons noted above. 

B, The verification steps taught by Mi are not equal to "control levels" 

Claim 14 calls for four control levels applied sequentially depending on the number of 
failed verification attempts. In rejecting claim 14, the Examiner refers to FIG. 3, steps 350 and 
360/370, 2md FIG. 6, steps 620 and 640, as teaching access control levels. Applicant respectfully 
submits that the Examiner's conclusion is a clear factual error. 

In contrast to the single verification test taught by Mi, claim 14 calls for applying 
multiple " lack program detection tests." Such tests are discussed on page 7 of the specification 
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as originally filed. Further, claim 14 calls for a third control level requiring use of downloaded 
software. In contrast, step 620 referred to by the Examiner discloses repeating a call-back 
process. At most, this step requires downloading a Java applet to be run by the browser not an 
entire sofiwarc application. See col. 9, lines 51-60. 

Applicant submits that none of the steps disclosed by Mi are equivalent to nor related to 
the contrcl levels called for by claim 14. Applicant submits that Claim 14 is thus allowable over 
the cited sil, and the rejection under 35 U.S.C. § 102(e) is improper. 



Applicant respectfully requests that the Panel reconsider and withdraw the rejections of 
claims 1 - : 8 over Mi. If the Examiner or the Panel believe, for any reason, that personal 
communication will expedite prosecution of this application, the Examiner or the Panel are 
invited to telephone the undersigned at the number provided below. 

Tt e Commissioner is hereby authorized to charge any underpayment of the following 
fees associated with this communication, including any necessary fees for extension of time and 
for the pre mentation of extra claims, or credit any overpayment to Deposit Account No. 5 0-23 1 9 
(Order Nc. 461124-00038; Docket No. A-71400/DJB/VEJ/RBE). 

Prompt and favorable consideration of this Request is respectfully requested. 



DORSEY & WHITNEY LLP 

Suite 1000 

555 California Street 

Sun Francisco, California 94104-1513 

Telephone: (415)781-1989 Facsimile: (415)398-3249 
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Respectfully submitted, 



Dale: Sep ember 27, 2006 
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